package com.example.mybatisplus.common.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import com.example.mybatisplus.realm.CustomRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.Map;


    @Configuration
    public class ShiroConfig {

        //从容器中拿去url配置规则
        @Autowired
        private ShiroProperties shiroProperties;

        @Bean
        @ConditionalOnMissingBean
        public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
            DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
            defaultAAP.setProxyTargetClass(true);
            return defaultAAP;
        }

        //页面添加shiro标签以后,通过这个方法找到授权的方法
        @Bean
        public ShiroDialect shiroDialect() {
            return new ShiroDialect();
        }

        //将自己的验证方式加入容器
        @Bean
        public CustomRealm myShiroRealm() {
            CustomRealm customRealm = new CustomRealm();
            return customRealm;
        }

        //权限管理，配置主要是Realm的管理认证
        @Bean
        public SecurityManager securityManager() {
            DefaultWebSecurityManager   securityManager = new DefaultWebSecurityManager ();
            securityManager.setRealm(myShiroRealm());
            return securityManager;
        }




        //Filter工厂，设置对应的过滤条件和跳转条件

        @Bean
        public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
            shiroFilterFactoryBean.setSecurityManager(securityManager);
            //以下注释部分，还可以将配置定义到yaml中
            Map<String, String> map = new HashMap<>();

//            //默认登录页面，当用户未认证时，shiro就会将用户指向当前路径
//            shiroFilterFactoryBean.setLoginUrl("/api/login");
            //首页
            shiroFilterFactoryBean.setSuccessUrl("/dashboard");

// 配置系统的受限资源，authc是shiro验证过滤器的缩写，代表这个路径需要验证登录
//            map.put("/index", "authc");

            // 配置系统的公共资源
            map.put("/api/addUser","anon");
            map.put("/api/login","anon");
            //其余接口一律拦截
            //主要这行代码必须放在所有权限设置的最后，不然会导致所有 url 都被拦截
            map.put("/api/**","authc");



            // 将受限资源名单和公共资源名单告诉shiro
            shiroFilterFactoryBean.setFilterChainDefinitionMap(map);

            return shiroFilterFactoryBean;
        }

        @Bean
        public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
            AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
            authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
            return authorizationAttributeSourceAdvisor;
        }
    }

